Huge Security Hole with wp-admin?

  • Avatar of Jsonb123


    I just registered new test accounts on my BuddyPress site and after I get the email activations and log in, I can log in to wp-admin with these “subscriber” accounts and change EVERYTHING on the back-end!

    I look at user roles and they are still “subscribers” but the bar at the top says “Hi admin! You’re logged in as a site administrator.” What is going on here?! I know I installed BuddyPress correctly.

    Using WPMU 2.7.1, BuddyPress 1.0 and BBPress alpha 6.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Avatar of Seppolaatle112


    If you are sure you installed BuddyPress correctly, you need either some sleep or maybe some coffee.

    This is not some bug in BuddyPress. Are you sure you didn't register a blog with the account, and that the backend you see belongs to this blog? It is quite clear that members are administrators on their own blog. Can you see the BuddyPress menu in your menu to the left after logging in?

  • Avatar of Hyrxx


    "Hi admin" is your main admin account, you're still logged in, try using Firefox for your main account (admin) and use a different browser to test other registrations and logins

    this might help separate the confusion for you, i also use this method sometimes as cookies are separate between browsers ;)
